CVE-2026-25592

CRITICAL 10.0

Semantic Kernel has an Arbitrary File Write via AI Agent Function Calling in .NET SDK

CVSS Score

10.0

EPSS Score

0.0%

EPSS Percentile

0th

Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.71.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. The problem has been fixed in Microsoft.SemanticKernel.Core version 1.71.0. As a mitigation, users can create a Function Invocation Filter which checks the arguments being passed to any calls to DownloadFileAsync  or UploadFileAsync and ensures the provided localFilePath is allow listed.

CWE	CWE-22
Vendor	microsoft
Product	semantic-kernel
Ecosystems	Windows .NET Azure
Industries	TechnologyEnterprise
Published	Feb 6, 2026
Last Updated	Feb 18, 2026

Stay Ahead of the Next One

Get instant alerts for microsoft semantic-kernel

Be the first to know when new critical vulnerabilities affecting microsoft semantic-kernel are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

microsoft / semantic-kernel

< 1.71.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/microsoft/semantic-kernel/security/advisories/GHSA-2ww3-72rp-wpp4 github.com: https://github.com/microsoft/semantic-kernel/pull/13478/changes#diff-88d3cacba2bfa84eef8f2aa171b34f9940338cbb784a3ffc49f5fe3af1b8943d github.com: https://github.com/microsoft/semantic-kernel/blob/main/dotnet/samples/Demos/CodeInterpreterPlugin/Program.cs#L61-L64